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COMPUIBtWORlD 


PROJECTS 


AT&T's  new  intranet 
brings  automated 
business  procedures 
to  the  desktops  of 
10,000  customer 
service  reps. 
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ADVICE 


Think  of  intranets  as 
corporate  utilities. 
Focus  on  creating  a 
secure  infrastructure; 
users  can  provide 
content  and 
applications. 
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EXPLAINER  Hybrid  firewalls. The 

new  generation 
combines  authenti¬ 
cation,  packet  filter¬ 
ing,  application 
proxies,  encryption. 
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ANALYSIS 


DON’T  PANIC. The  right  mix  of 
technologv  and  good  management  can 
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ANALYSIS 


INNERSECURITY 


BY  GARY  H.  ANTHES 

Since  your  intranet  is  closed  to 
the  public,  you  needn’t  worry 
about  things  that  go  hack  in  the 
night.  Right? 

Wrong.  Intranets  are  prime  tar¬ 
gets  for  disgruntled  employees, 
hackers  and  competitors. 

“Internal  networks  are  now 
taking  on  all  the  properties  of  the 
public  networks  that  frighten  us 
—  openness,  complexity  and  flat¬ 
ness,”  observes  Bill  Murray,  a 
security  consultant  at  Deloitte  & 
Touche. 

Worse,  user-controlled 
intranets  can  leave  security  to  the 
clueless. 

The  good  news  is,  established 
security  technology  and  manage¬ 
ment  practices  transplant  well 
into  the  intranet  environment. 

Here’s  a  quick  spin  through 
some  effective  tools  and  tactics. 


TECHNOLOGY 

TACTICS 


FIREWALLS 

This  protective  software  and  hardware 
blocks  unwanted  users  and  activities 
from  intranets.  Some  companies  go  a 
step  further,  breaking  internal  nets  into 
subnets  isolated  by  firewalls. 

The  drawback:  Such  network  balka¬ 
nization  may  sacrifice  hard-won  con¬ 
nectivity. 

ACCESS  CONTROL 

Protecting  individual  systems  and 
applications  with  passwords  and  other 
traditional  protections  may  make  more 
sense  than  using  firewalls.  These  mea¬ 
sures  are  less  costly  and  less  likely  to 
block  desired  activities. 

Example:  The  California 

Environmental  Protection  Agency 
uses  passwords  and  built-in  Unix  secu¬ 
rity  —  such  as  read/write  permissions 
—  to  protect  the  confidential  intranet- 
based  data  provided  by  pesticide  man¬ 
ufacturers.  The  agency  has  an  Internet 
firewall  that  protects  the  organization 
from  the  public,  but  no  firewalls  that 
protect  intranets  specifically. 

FIRE  FENCES 

Boston  Edison  Co.  employs  “fire 
fences”  —  routers  programmed  with 
user-specified  data  packet-filtering  — 
to  guard  several  intranets. 

“We  are  doing  traffic  policing,” 
explains  John  Dubiel,  Boston  Edison’s 
planning  manager.  His  particular  wor¬ 
ries  are  less  about  malicious  intranet 
activity  than  accidents  that  could  slow 


or  crash  a  key  subnetwork. 

ENCRYPTION 

Outside  the  military,  use  of  encryption  is 
not  widespread.  But  encryption  is 
emerging  as  a  viable  intranet  security 
technology.  A  few  companies  encrypt 
files  and  messages  passing  over 
intranets.  Almost  none  scramble  data 
storage. 

But  immature  technology  makes 
encryption  “a  management  night¬ 
mare,”  warns  David  Bauer,  a  principal  in 
information  systems  at  Morgan 
Stanley,  an  investment  firm  in  New 
York.  Vendors,  especially  those  who  sell 
firewalls,  are  rushing  to  simplify  prod¬ 
ucts. 

INTRUDER  RADAR 

“Intrusion  detection”  software  and 
other  audit  tools  that  spot  outsiders  and 


DYSFUNCTIONAL  FAMILIES 


i.  What  kinds  of  information  seen  rity  ** , 
breaches  have  you  experienced  in  i 
^  the  past  12  months?  '  ■  ' 


Base:  400  security  professionuls 
?  responding  t0  survey  by  Yankee  Group 
and  Info  Security  News 
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BUILD  IN  SECURITY 


Short-sighted  companies  and  many 
non-IS  leaders  may  ignore  security. 
That’s  because  they  think  it  has  little 
impact  on  user  satisfaction  or  the  bot¬ 
tom  line.  Resist  the  temptation  and 
build  in  security  from  the  project  start. 

Example:  One  company,  which 
requested  anonymity,  hired  a  young 
Web  wizard  to  establish  an  intranet. 
Unfortunately,  he  never  met  with  the  IS 


security  officer.  A  subsequent  network 
audit  revealed  costly  security  flaws. 

SOUND  POLICIES 

Intranet  firewalls  and  passwords  mean 
nothing  if  confidential  data  gets  posted 
in  a  public  place,  notes  California  EPA 
systems  analyst  John  Stutz.  IS  man¬ 
agers  and  consultants  agree:  Written 
policies  and  employee  security  training 
are  key. 

Tip:  Post  your  security  documenta¬ 
tion  in  hypertext  on  intranets.  “It’s  a 
good  way  to  get  security  documents  to 
the  right  people  at  the  right  time,”  says 
Murray,  former  IBM  security  czar.  And 
it  turns  a  security  liability  into  a  securi¬ 
ty  asset. 

Anthes  is  Computerworld’s  senior 
editor  for  government  and  security. 


suspicious  network 
activity  are  less  useful  on 
intranets,  according  to  Richard 
Mandelbaum,  president  of  NyserNet,  a 
Great  Neck,  N.Y.,  Internet  service 
provider. 

Better  are  sophisticated  new  audit 
tools  built  for  the  Internet  and 
intranets,  such  as  InCharge  from 
System  Management  Arts,  Inc.  in  White 
Plains,  N.Y.The  software  manages  Web 
services,  electronic  mail,  domain  name 
service,  file  transfer  protocol  and 
Usenet  news  services.  It  can  apply 
access  controls  by  service,  network  pro¬ 
tocol,  network  address,  time  of  day  and 
user. 


For  an  expanded  version  of  this 
article,  see  our  online  version  at 
www.computerworld. 
com/intranets. 

Also  on  the  site  this  month: 

•  Conference:  "Are  firewalls 
sufficient  for  intranets?" 

•  QuickPoll:  "How  secure 
do  you  feel?" 


MANAGEMENT 

TACTICS 


Intranets  are  Darwinian. 

Strong  companies  with  good  security  will  get 
stronger,  taking  intranets  in  stride.  Companies 
with  shabby  security  can  say  hello  to  a  new  world 
of  inner  pain. 

Fortunately,  evolution  by  definition  builds  on 
the  past  Many  established  Internet  security  prac¬ 
tices  and  technologies 
transplant  well  inside 
the  firewall.The  aim  is 
the  same;  Create  solid 
security  without  going 
crazy  and/or  busting  the  budget 

A  new  wave  of  intranet  security  products 
should  take  some  burden  off  IS.  Even  so,  if  your 
security  is  sloppy,  now's  the  time  to  make  it 
crisper.  Bring  in  hired  guns  if  necessary.  Sure,  it 
will  cost  you  three  figures  an  hour,  but  it  could 
save  you  a  lot  later. 

Heed  the  preventive  counsel  of  TV  sheriff/geek 
Barney  Fife,  who  advised:  "Nip  iti  Nip  it!  Nip  it  in 

Joseph  Maglitta 
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Today  s  intranet  supports  only  the  Web  and  has  an  ill- 
defined  relationship  with  the  installed  base  of  propri¬ 
etary  network  operating  systems  like  NetWare.This  will 
change.  Over  the  next  four  years  the  role  of  the  propri¬ 
etary  [network  operating  system]  will  fade  as  the 
intranet  is  enhanced  with  essential,  standards-based 
setvices.Tom  Pincince,  analyst  Forrester  Research,  Inc, 

The  technology  of  intranets  is  a  slam  dunk.  How  I  con¬ 
nect  that  wire  is  a  set  of  mun¬ 
dane  choices. The  number  one 
technical  challenge  is  going 
from  current  state  to  end  state, 
[to  a  finished  intranet]. Its  bal¬ 
ancing  time,  economics  and  the 
current  technology.  When  do  you  turn  something  off  and 
when  do  you  turn  it  on  and  how?  Alan  Frank,  chief  tech¬ 
nical  officer,  KMPG  Peat  Marwick 

Whether  you  intend  it  or  not  the  intranet  is  going  to  be  a 
utility  infrastructure.  After  people  get  comfortable  with 
the  technology  and  management  in  a  skunkwork  or  offi¬ 
cial  pilot  you  get  into  the  infrastructure  development 
phase.  A  lot  of  companies  sort  of  stumble  into  it  When 
you  get  there,  you're  not  going 
to  do  a  traditional  prioritized 
project  list  Your  main  objective 
should  be,  "How  can  I  imple¬ 
ment  the  infrastructure  so  that 
everyone  can  participate?" 
Think  about  who  should  be  access  providers,  content 
providers,  application  providers.  Steve  Telleen,  intranet 
consultant  Amdahl  Corp. 

Current  systems  management  tools  are  not  equipped  to 
deal  with  the  technologies  such  as  hyperlinks,  Java,  CGI. 
In  fact  the  systems  management  tools  for  existing 
enterprise  software  market  are  so  ill-equipped  that 
these  vendors  will  be  spending  the  next  few  years 
improving  these  tools  to  meet  today's  requirements. 
Ulias  Naik,  intranet  analyst  First  Albany-Meta 
Research 


AT&T  Corp. 

Customer  Care  Division 

Basking  Ridge,  NJ. 

The  largest  U.S. 
telecommunications  company 

Gene  Speicher,  Division  Manager 
Mark  Francis,  Desktop  Solutions  Manager 

What  they're  doing 

Creating  intranet-based  knowledge  man¬ 
agement  system  that  gives  10,000  cus¬ 
tomer  service  reps  desktop  access  to  busi¬ 
ness  procedures  and  policies. 


worker  nervousness.  “People  know  this  is 
the  leading  edge,”  says  Speicher.  “They 
don’t  want  to  get  left  behind.  We  have  to 
take  pains  to  make  sure  they  understand 
they  are  going  to  participate  in  a  phased, 
logical  way.” 

Advice  for  IS 

“Don’t  fool  with  the  content,”  Francis  says. 
“Develop  a  tool  set  and  infrastructure  that 
allows  partners  to  easily  get  into  it.  Do 
everything  you  can  to  make  getting  con¬ 
tent  into  your  search  engines  as  easy  as 
possible.” 

Next  steps 

Put  remaining  5,500  small  business  reps  on 
system  by  year’s  end;  integrate  with  20 
legacy  systems;  offer  customer  self-service 
via  World  Wide  Web  site. 

—  Joseph  Maglitta 


Replaces 

Manual  binders  with  Post-its  attached; 
classroom  training;  individual  access  to  20 
legacy  systems. 

Benefits 

Helps  consolidate  27  call  centers  into  one. 
Cuts  annual  training  time  from  50  days  to 
25.  Creates  single  point  of  contact  for  cus¬ 
tomers.  Reduces  average  call  length  by 
50%.  Enables  AT&T  to  enter  the  local  ser¬ 
vice  market. 

Cost/time 

Budget  not  available.  Two-year  project, 
50%  done. 

Staffing 

Initial  process  consulting  from  McKinsey 
&  Co.;  25  consultants  from  Renaissance 
Solutions  for  knowledge  management  sys¬ 
tem;  125  content  developers;  20  internal  IS 
developers. 

Tools 

Netscape  1.1  browser,  Web  Author,  vari¬ 
ous  Unix  desktop  workstations.  Motif 
GUI,  two  Hewlett-Packard  Co.  servers. 

Biggest  technical  challenge 

“You’re  never  done.  The  knowledge 
always  changes  and  evolves,”  Francis  says. 

Biggest  people  challenge 

Building  a  process  and  organization  that 
will  keep  content  fresh,  and  quelling 


For  an  expanded  Q&Awith 
Speicher,  see  our  online  version 
atwww.computerworld. 
com/intranets.  Also  featured: 
•Speicher  speaks:  RealAudio 
•  Knowledge  management 
graphics,  screen  shots 
•Link  to  AT&T's  home  page 


GENE  SPEICHER, 
DIVISION 
MANAGER, 

AT&T:  "The  beau¬ 
ty  of  the  intranet 
and  the  tools  is 
speed. " 
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Intranets.  They  streamline  communications  and  give  your  company  the  edge  it  needs  to  compete.  Thai’s  why  we  created  Nelra  i™  the 
servers  built  exclusively  for  the  intranet.  Each  comes  with  essential  software  that  make  deployment  and  management  a  cinch. 
Software  like  JavaScript  and  the  Java™  Developers  Kit  so  you  can  begin  developing  and  using  applets  and  applications  right 
away.  Tools  like  Netscape™  Navigator  Gold  for  authoring,  Netscape  Enterprise  Server  for  world  class  web  serving,  and  Netscape  LiveWire  for 
management.  In  one  stop,  you  have  everything  you  need  to  manage,  create  and  control  your  intranet  applications. 

Little  wonder  Netra  i  is  the  choice  of  intranet  professionals  and  where  your  business  truly  wants  to  go  today. 


To  learn  more,  contact  http://www.sun.com  or  T800-786-0785,  Ext.385.  THE  NETWORK  IS  THE  COMPUTER" 


microsystems 


01996  Sun  Microsystems,  Inc.  All  rights  reserved  Sun,  Sun  Microsystems,  the  Sun  Logo,  Nelra  i ,  Solstice,  Java,  and  The  Network  Is  The  Computer  are  trademarks  or  registered  trademarks  ol  Sun  Microsystems,  Inc  in  the  United  Stales  and  other  countries  Netscape  is  a  trademark  or  n,- : 
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"Building  Intranet  Security"  and  "The  Full  Service  Intranet  Resource  Centre. Publications,  news-  The  Corporate  Intranet,  hy 

lntranel"Two  more  crisp.  no-B.S.  missives  with  groups,  white  papers,  tech  information  on  author-  Ryan  Bernhard.  395  pages, 

practical  near-  and  medium-term  advice  for  IS.  ing  tools,  groupware,  multimedia  -  it's  all  here:  $29.95.  Solid  soup-to-nuts 

Forrester  Research,  Inc.,  Cambridge,  Mass.  (http://www.infoweb.com.au/intralnk.htm).  overview.  Includes  case  stud- 

(http://www.forrester.com).  (61 7)  497-7090.  ies.  Wiley  Computer 
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NEW  HYBRID 
FIREWALLS 

Firewalls  used  to  come  in 
well-defined  categories: 
packet  filter,  circuit  gateway 
or  application  proxy.  Many 
new  offerings  are  hybrids, 
employing  two  or  more  fil¬ 
tering  mechanisms  and  a 
mix  of  techniques. 

Some  use  authentication, 
which  requires  users  to  log 
in  through  a  server  with  a 
password.  Others  use  data 
encryption,  which  scrambles 
outgoing  files  that  contain 
sensitive  information.  A  sys¬ 
tem  on  the  other  end  with 
the  encryption  algorithm 
decrypts  it. 

The  diagram  at  right  rep¬ 
resents  a  composite  of  these 
elements.  Firewalls  don’t  try 
to  encompass  all  of  them; 
users  mix  and  match  based 
on  their  needs. 

—  Charles  Babcock 


% 


Visit  our  Web  site  at 

www.computerworld. 
LXJ  com/intranets  for 
links  to  security- 
minded  Web  sites  or 
to  consult  our 
glossary. 


2.  Application  proxy 

This  special-purpose  software  restricts 
incoming  traffic  to  a  specified  applica¬ 
tion,  such  as  your  E-mail  system  or 
Lotus  Notes.  Likewise,  outgoing  traffic 
can  be  restricted  if  it  comes  from  an 
unauthorized  application. 


3.  Circuit  level  gateway 

This  gateway  connects  an  outside 
TCP/IP  port  to  an  internal  destination, 
often  a  shared  resource  like  a  printer. 
An  access  control  mechanism  on  the 
gateway  determines  whether  the  user 
connected  to  the  TCP/IP  port  is  coming 


from  a  source  authorized  to  reach  the 
printer.  If  the  user  is  authorized,  the 
message  is  passed  on  without  review. 


4.  Authentication 

A  system  like  Kerberos,  a  standard  in 
the  Unix  world,  gives  a  user  seeking 
access  to  the  internal  network  a  pri¬ 
vate  key  shared  with  a  service  on  a 
host.  When  a  key  distribution  center 
clears  the  user’s  key,  it  unlocks  access  to 
the  host  service. 


5.  Encryption 

Most  outside  networks,  including  the 
Internet,  offer  opportunities  for  listen¬ 
ing  devices  to  sense  and  capture  the 
traffic  as  it  moves  along.  Encrypting  an 
incoming  data  stream  and  passing  it 
through  a  firewall  safeguards  against  its 
being  picked  up. 

Babcock  is  ComputerworldA  technical 
editor. 


1.  Packet  filtering 

Tliis  filtering  is  often  the  first  on 
incoming  traffic.  A  router  examines 
each  packet  and,  by  following  rules 
programmed  into  it,  accepts  messages 
from  certain  servers  or  nodes  and 
drops  all  others.  . 
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Barksdale 


Nets  c  a  p  e  '  s  James 
on  Informix. 


I 


At  Informix,  we  deliver 
innovative  database 
technology  for  a  grow¬ 
ing  number  of  industry  leaders 
worldwide.  By  teaming  with 
companies  who  share  our 
vision,  we  provide  our  customers 
with  the  solutions  they  need 
to  stay  ahead  of  change, 
make  the  most  of  emerging 
opportunities,  and  gain  a 
competitive  edge  in  business. 


U  INFORMIX 


©  1996  Informix  Software,  Inc.  All  right.s  reserved  The  following  are 
worldwide  trademarks  of  Informix  Corporation,  Informix  Software,  Inc, 
or  their  subsidiaries,  registered  in  the  United  Slates  as  indicated  by  ®, 
and  in  numerous  other  countries  worldnioe  INFORMIX*  All  other 
names  or  marks  may  be  trademarks  of  their  respective  owners 


"Netscape  partners  with 
Informix  because  of  its 
unique  Web  database 
technology. 

Together,  we  provide  customers  an 
ideal  solution  for  n  e  x  t  -  g  e  n  e  r  a  t  i  o  n  , 
high-performance,  content-rich 
Web  applications." 


"The  Web  requires  a  database  that 
combines  high  performance  with  the 
ability  to  manage  a  wide  range  of 
new  datatypes  — i  mage,  video, 
text,  geo-spatial,  and  more. 

Informix  and  Netscape  enable 
customers  to  quickly  develop 
powerful,  innovative  Web 
applications  that  meet  any 
business  requirement." 


James 

Barksdale 

President  and  CEO, 
Netscape 
Communications 


Jeff 

Hudson 

VP  of  Business 
Development, 
Informix 
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Trying  to  find  accurate 
j^BUi  information  in  the 
midst  of  ail  the 
HjjjH  intranet  hype  is  a 
HK  challenge.  Relax. 
BBI  You’ll  feel  a  lot 
better  when  you 
get  the  facts  from 
the  industry  experts.  Call  for  your 
free  Forrester  Reports  on  intranets 
and  Web  server  software.  Both  ana¬ 
lysts  and  the  trade  press  agree,  if 
you’re  building  an  intranet,  you  need 
to  consult  Netscape. 


Call  for  your  free 
Forrester  Reports; 

The  Full  Service  Intranet 
and  Which  Web  Server? 


Forrester  defines  Full  Service  Intranet 
as:  standardized  e-mail,  directory,  file 
print,  and  network  management. 
Netscape  gets  it.  And  with  SuiteSpot 
it  has  begun  to  deliver  on  the  vision. 

-The  Forrester  Report 
The  Full  Service  Intranet,  March,  1996 

And  PC  WEEK  said: 

For  corporations  planning  to  use 
internet-based  technologies  for  internal 
use,  [Netscape]  SuiteSpot  is  shaping  up 
as  a  better  alternative... 

-PC  WEEK,  May  13,  1996 


Netscape’s  full  range  of  intranet 
solutions  provides  greater  function¬ 
ality  and  costs  less  to  implement  than 
proprietary  intranet  solutions  like 
Lotus  Notes  and  Microsoft  BackOffice. 
In  fact,  when  Forrester  polled  profes- 
Lged  Web  sites,  80% 


mam 


sionally  mana; 
indicated  they  had  chosen  Netscape. 

So  call,  or  visit  our  Intranet 
Solutions  site  at  home.netscape.com 
to  find  out  for  yourself.  And  breathe 
a  sigh  of  relief. 


•  - . 


FOR^mEi  SERVER  VISITS 
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